Deceptive Deletion Triggers Under Coercion

For users in possession of password-protected encrypted data in persistent storage (i.e., “data at rest”), an obvious problem is that the password may be extracted by an adversary through dictionary attacks, or by coercing the user. Traditional full disk encryption (FDE) or plausibly deniable encryption cannot adequately address such situations. Therefore, making data verifiably inaccessible in a stealthy and quick fashion may be the preferred choice, specifically for users, such as government/corporate agents, journalists, and human rights activists with highly confidential secrets, when caught and interrogated in a hostile territory. Using secure storage on a trusted platform module (TPM) and modern CPU's trusted execution mode (e.g., Intel TXT), we design Gracewipe to enable secure and verifiable deletion of encryption keys through a special deletion password. When coerced, a user can fake compliance and enter the deletion password; and then, the user can prove to the adversary that Gracewipe has been executed and the real key is no longer available (through a TPM quote), hoping for a favorable situation (e.g., end of torture). To unlock the target encryption key, the adversary can only guess passwords through the valid Gracewipe environment with a high-risk of triggering deletion of the real key. Based on our two primary Gracewipe prototypes (i.e., software-based FDE with TrueCrypt and hardware-based FDE with self-encrypting drive), we also design and implement an extended family of unlocking schemes for triggering deletion, to achieve better plausibility, security and usability. We incur between 2-2.5 seconds delay during boot, and no performance penalty at run-time.

[1]  Tilo Müller,et al.  On the Practicability of Cold Boot Attacks , 2013, 2013 International Conference on Availability, Reliability and Security.

[2]  Mohammad Mannan,et al.  Gracewipe: Secure and Verifiable Deletion under Coercion , 2015, NDSS.

[3]  Dawn Xiaodong Song,et al.  Subliminal Probing for Private Information via EEG-Based BCI Devices , 2013, ArXiv.

[4]  Marko M. Slusarczuk,et al.  Emergency Destruction of Information Storing Media , 1987 .

[5]  Dan Boneh,et al.  Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks , 2012, USENIX Security Symposium.

[6]  Jeremy Clark,et al.  Panic Passwords: Authenticating under Duress , 2008, HotSec.

[7]  Alison Winter The Making of "Truth Serum," 1920-1940 , 2005, Bulletin of the history of medicine.

[8]  Gregory V. Bard,et al.  Spelling-Error Tolerant, Order-Independent Pass-Phrases via the Damerau-Levenshtein String-Edit Distance Metric , 2007, ACSW.

[9]  Johannes Götzfried,et al.  Mutual Authentication and Trust Bootstrapping towards Secure Disk Encryption , 2014, TSEC.

[10]  R. Carbone,et al.  An In-Depth Analysis of the Cold Boot Attack: Can It Be Used for Sound Forensic Memory Acquisition? , 2011 .

[11]  Peter Gutmann,et al.  Secure deletion of data from magnetic and solid-state memory , 1996 .

[12]  Sven Türpe,et al.  Attacking the BitLocker Boot Process , 2009, TRUST.

[13]  Markus Jakobsson,et al.  How to Forget a Secret , 1999, STACS.

[14]  Debin Gao,et al.  Fighting Coercion Attacks in Key Generation using Skin Conductance , 2010, USENIX Security Symposium.

[15]  Howard Jay Chizeck,et al.  Securing the exocortex: A twenty-first century cybernetics challenge , 2014, 2014 IEEE Conference on Norbert Wiener in the 21st Century (21CW).

[16]  Srdjan Capkun,et al.  Data Node Encrypted File System: Efficient Secure Deletion for Flash Memory , 2012, USENIX Security Symposium.

[17]  Srdjan Capkun,et al.  SoK: Secure Data Deletion , 2013, 2013 IEEE Symposium on Security and Privacy.

[18]  Rafal Wojtczuk,et al.  Another Way to Circumvent Intel ® Trusted Execution Technology , 2009 .

[19]  Richard J. Lipton,et al.  A Revocable Backup System , 1996, USENIX Security Symposium.

[20]  Markus G. Kuhn,et al.  StegFS: A Steganographic File System for Linux , 1999, Information Hiding.

[21]  Bruce Schneier,et al.  Defeating Encrypted and Deniable File Systems: TrueCrypt v5.1a and the Case of the Tattling OS and Applications , 2008, HotSec.

[22]  Adi Shamir,et al.  The Steganographic File System , 1998, Information Hiding.

[23]  Ariel J. Feldman,et al.  Lest we remember: cold-boot attacks on encryption keys , 2008, CACM.

[24]  Amit A. Levy,et al.  Vanish: Increasing Data Privacy with Self-Destructing Data , 2009, USENIX Security Symposium.

[25]  Thomas Ristenpart,et al.  Cracking-Resistant Password Vaults Using Natural Language Encoders , 2015, 2015 IEEE Symposium on Security and Privacy.

[26]  Felix C. Freiling,et al.  Stark - Tamperproof Authentication to Resist Keylogging , 2013, Financial Cryptography.

[27]  Andreas Dewald,et al.  TRESOR Runs Encryption Securely Outside RAM , 2011, USENIX Security Symposium.